diff options
author | gdt <gdt@pkgsrc.org> | 2012-08-14 22:08:09 +0000 |
---|---|---|
committer | gdt <gdt@pkgsrc.org> | 2012-08-14 22:08:09 +0000 |
commit | 8953e3d5d86c21e5b812672c9216ff48229f510e (patch) | |
tree | 2e040a65f5c90b37da28c66703daebfc328a5fab | |
parent | a044e1e3af21349126bfeaae4d03e31d72e020c6 (diff) | |
download | pkgsrc-8953e3d5d86c21e5b812672c9216ff48229f510e.tar.gz |
Update to 3.2.1.
(This is a security release, but pkgsrc already had patches from
upstream.)
This version corrects two heap overflows reported by our users:
- A small write overflow, reported by Justin Ferguson
- A large read overflow, reported by Ben Hawkes
-rw-r--r-- | chat/libotr/Makefile | 6 | ||||
-rw-r--r-- | chat/libotr/distinfo | 12 | ||||
-rw-r--r-- | chat/libotr/patches/patch-CVE-2012-3461-aa | 46 | ||||
-rw-r--r-- | chat/libotr/patches/patch-CVE-2012-3461-ab | 36 | ||||
-rw-r--r-- | chat/libotr/patches/patch-CVE-2012-3461-ac | 45 | ||||
-rw-r--r-- | chat/libotr/patches/patch-CVE-2012-3461-ad | 27 |
6 files changed, 7 insertions, 165 deletions
diff --git a/chat/libotr/Makefile b/chat/libotr/Makefile index fbd10d13dff..4f6ec80bf2f 100644 --- a/chat/libotr/Makefile +++ b/chat/libotr/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.11 2012/08/09 10:06:46 drochner Exp $ +# $NetBSD: Makefile,v 1.12 2012/08/14 22:08:09 gdt Exp $ -VERSION= 3.2.0 +VERSION= 3.2.1 DISTNAME= libotr-${VERSION} -PKGREVISION= 2 CATEGORIES= chat security MASTER_SITES= http://www.cypherpunks.ca/otr/ @@ -10,6 +9,7 @@ MAINTAINER= nathanw@NetBSD.org # also gdt@NetBSD.org HOMEPAGE= http://www.cypherpunks.ca/otr/ COMMENT= Library for Off-The-Record encrypted messaging +LICENSE= gnu-gpl-v2 PKG_DESTDIR_SUPPORT= user-destdir diff --git a/chat/libotr/distinfo b/chat/libotr/distinfo index 50b4bfa1c0d..b3f581e1b6c 100644 --- a/chat/libotr/distinfo +++ b/chat/libotr/distinfo @@ -1,9 +1,5 @@ -$NetBSD: distinfo,v 1.7 2012/08/09 10:06:47 drochner Exp $ +$NetBSD: distinfo,v 1.8 2012/08/14 22:08:09 gdt Exp $ -SHA1 (libotr-3.2.0.tar.gz) = e5e10b8ddaf59b0ada6046d156d0431cd2790db9 -RMD160 (libotr-3.2.0.tar.gz) = 937f512415eb3b82d5730b1aafbe5d55f4f153da -Size (libotr-3.2.0.tar.gz) = 430299 bytes -SHA1 (patch-CVE-2012-3461-aa) = f1faa1e43da256d44194817aeb59b3e92ddaffb2 -SHA1 (patch-CVE-2012-3461-ab) = 2827193d1cd440700f09cd7312ec9954a81aea11 -SHA1 (patch-CVE-2012-3461-ac) = abbecb337f3a7109b4a41debb2109528c64e22a0 -SHA1 (patch-CVE-2012-3461-ad) = 13edba7d8f16fc122ce2fd4fb2579e7e70056d5a +SHA1 (libotr-3.2.1.tar.gz) = 898bf00d019f49ca34cd0116dd2e22685c67c394 +RMD160 (libotr-3.2.1.tar.gz) = 07deab0a7f63680e44c3a631666b9b4a21bd66cf +Size (libotr-3.2.1.tar.gz) = 414684 bytes diff --git a/chat/libotr/patches/patch-CVE-2012-3461-aa b/chat/libotr/patches/patch-CVE-2012-3461-aa deleted file mode 100644 index a87e9fff30e..00000000000 --- a/chat/libotr/patches/patch-CVE-2012-3461-aa +++ /dev/null @@ -1,46 +0,0 @@ -$NetBSD: patch-CVE-2012-3461-aa,v 1.1 2012/08/09 10:06:47 drochner Exp $ - ---- src/b64.c.orig 2008-05-27 12:35:28.000000000 +0000 -+++ src/b64.c -@@ -55,7 +55,7 @@ VERSION HISTORY: - \******************************************************************* */ - - /* system headers */ --#include <stdlib.h> -+#include <stdio.h> - #include <string.h> - - /* libotr headers */ -@@ -147,8 +147,9 @@ static size_t decode(unsigned char *out, - * base64 decode data. Skip non-base64 chars, and terminate at the - * first '=', or the end of the buffer. - * -- * The buffer data must contain at least (base64len / 4) * 3 bytes of -- * space. This function will return the number of bytes actually used. -+ * The buffer data must contain at least ((base64len+3) / 4) * 3 bytes -+ * of space. This function will return the number of bytes actually -+ * used. - */ - size_t otrl_base64_decode(unsigned char *data, const char *base64data, - size_t base64len) -@@ -234,13 +235,18 @@ int otrl_base64_otr_decode(const char *m - return -2; - } - -+ /* Skip over the "?OTR:" */ -+ otrtag += 5; -+ msglen -= 5; -+ - /* Base64-decode the message */ -- rawlen = ((msglen-5) / 4) * 3; /* maximum possible */ -+ rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen); /* maximum possible */ - rawmsg = malloc(rawlen); - if (!rawmsg && rawlen > 0) { - return -1; - } -- rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5); /* actual size */ -+ -+ rawlen = otrl_base64_decode(rawmsg, otrtag, msglen); /* actual size */ - - *bufp = rawmsg; - *lenp = rawlen; diff --git a/chat/libotr/patches/patch-CVE-2012-3461-ab b/chat/libotr/patches/patch-CVE-2012-3461-ab deleted file mode 100644 index 303da92fd1f..00000000000 --- a/chat/libotr/patches/patch-CVE-2012-3461-ab +++ /dev/null @@ -1,36 +0,0 @@ -$NetBSD: patch-CVE-2012-3461-ab,v 1.1 2012/08/09 10:06:47 drochner Exp $ - ---- src/b64.h.orig 2008-05-27 12:35:28.000000000 +0000 -+++ src/b64.h -@@ -20,6 +20,19 @@ - #ifndef __B64_H__ - #define __B64_H__ - -+#include <stdlib.h> -+ -+/* Base64 encodes blocks of this many bytes: */ -+#define OTRL_B64_DECODED_LEN 3 -+/* into blocks of this many bytes: */ -+#define OTRL_B64_ENCODED_LEN 4 -+ -+/* An encoded block of length encoded_len can turn into a maximum of -+ * this many decoded bytes: */ -+#define OTRL_B64_MAX_DECODED_SIZE(encoded_len) \ -+ (((encoded_len + OTRL_B64_ENCODED_LEN - 1) / OTRL_B64_ENCODED_LEN) \ -+ * OTRL_B64_DECODED_LEN) -+ - /* - * base64 encode data. Insert no linebreaks or whitespace. - * -@@ -33,8 +46,9 @@ size_t otrl_base64_encode(char *base64da - * base64 decode data. Skip non-base64 chars, and terminate at the - * first '=', or the end of the buffer. - * -- * The buffer data must contain at least (base64len / 4) * 3 bytes of -- * space. This function will return the number of bytes actually used. -+ * The buffer data must contain at least ((base64len+3) / 4) * 3 bytes -+ * of space. This function will return the number of bytes actually -+ * used. - */ - size_t otrl_base64_decode(unsigned char *data, const char *base64data, - size_t base64len); diff --git a/chat/libotr/patches/patch-CVE-2012-3461-ac b/chat/libotr/patches/patch-CVE-2012-3461-ac deleted file mode 100644 index 1690cb856d1..00000000000 --- a/chat/libotr/patches/patch-CVE-2012-3461-ac +++ /dev/null @@ -1,45 +0,0 @@ -$NetBSD: patch-CVE-2012-3461-ac,v 1.1 2012/08/09 10:06:47 drochner Exp $ - ---- src/proto.c.orig 2008-05-27 12:35:28.000000000 +0000 -+++ src/proto.c -@@ -537,13 +537,17 @@ gcry_error_t otrl_proto_data_read_flags( - msglen = strlen(otrtag); - } - -+ /* Skip over the "?OTR:" */ -+ otrtag += 5; -+ msglen -= 5; -+ - /* Base64-decode the message */ -- rawlen = ((msglen-5) / 4) * 3; /* maximum possible */ -+ rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen); /* maximum possible */ - rawmsg = malloc(rawlen); - if (!rawmsg && rawlen > 0) { - return gcry_error(GPG_ERR_ENOMEM); - } -- rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5); /* actual size */ -+ rawlen = otrl_base64_decode(rawmsg, otrtag, msglen); /* actual size */ - - bufp = rawmsg; - lenp = rawlen; -@@ -606,14 +610,18 @@ gcry_error_t otrl_proto_accept_data(char - msglen = strlen(otrtag); - } - -+ /* Skip over the "?OTR:" */ -+ otrtag += 5; -+ msglen -= 5; -+ - /* Base64-decode the message */ -- rawlen = ((msglen-5) / 4) * 3; /* maximum possible */ -+ rawlen = OTRL_B64_MAX_DECODED_SIZE(msglen); /* maximum possible */ - rawmsg = malloc(rawlen); - if (!rawmsg && rawlen > 0) { - err = gcry_error(GPG_ERR_ENOMEM); - goto err; - } -- rawlen = otrl_base64_decode(rawmsg, otrtag+5, msglen-5); /* actual size */ -+ rawlen = otrl_base64_decode(rawmsg, otrtag, msglen); /* actual size */ - - bufp = rawmsg; - lenp = rawlen; diff --git a/chat/libotr/patches/patch-CVE-2012-3461-ad b/chat/libotr/patches/patch-CVE-2012-3461-ad deleted file mode 100644 index 478448a2d33..00000000000 --- a/chat/libotr/patches/patch-CVE-2012-3461-ad +++ /dev/null @@ -1,27 +0,0 @@ -$NetBSD: patch-CVE-2012-3461-ad,v 1.1 2012/08/09 10:06:47 drochner Exp $ - ---- toolkit/parse.c.orig 2008-05-27 12:35:28.000000000 +0000 -+++ toolkit/parse.c -@@ -64,7 +64,8 @@ static unsigned char *decode(const char - { - const char *header, *footer; - unsigned char *raw; -- -+ size_t rawlen; -+ - /* Find the header */ - header = strstr(msg, "?OTR:"); - if (!header) return NULL; -@@ -75,8 +76,10 @@ static unsigned char *decode(const char - footer = strchr(header, '.'); - if (!footer) footer = header + strlen(header); - -- raw = malloc((footer-header) / 4 * 3); -- if (raw == NULL && (footer-header >= 4)) return NULL; -+ rawlen = OTRL_B64_MAX_DECODED_SIZE(footer-header); -+ -+ raw = malloc(rawlen); -+ if (raw == NULL && rawlen > 0) return NULL; - *lenp = otrl_base64_decode(raw, header, footer-header); - - return raw; |